Facebook’s Android app tells them your phone number, without your knowledge or consent

Earlier this week Symantec researchers stumbled across a privacy concern with Facebook’s official Android app, which once again calls into question whether the social network’s developers truly *get* security and privacy.

As Symantec describes on its blog, when its developers tested its new Norton Mobile Security product against some of the world’s most popular Android apps, they were disturbed to see a warning message claiming that the Facebook Android app leaks personal information without the device owner’s knowledge:

"The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen."

Following on from the revelation of an incredibly dangerous security flaw that could allow hackers to hijack any Facebook account just by sending an SMS message, and over six million users having their privacy breached, you have to wonder what is going on at Facebook.

Are things really that sloppy there?

The good news is that Facebook confirmed Symantec’s findings, and has said it will fix the problem in the next version of its Android app. Furthermore, the social network says that it does not use or process the phone numbers it has been receiving, and has deleted them from its servers.

Well done to Symantec for uncovering this serious privacy flaw in Facebook’s code. That’s a great advert for the new version of the firm’s mobile security product.

Facebook might be wise to run tools like Symantec’s over future versions of its smartphone apps, before it pushes them out to millions of users - just in case there are other unexpected privacy holes that could prove embarrassing.

If you are on Facebook, and want to be kept up to date on the latest privacy and security risks threatening users, be sure to Like the “Graham Cluley Security News” Facebook page.

Hat-tip: The Next Web.
